id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux
11167 migrate sha-1 to sha-2 ubuntu_demon nobody "I believe it's time to migrate from sha-1 to sha-2.
Motivation:
from http://csrc.nist.gov/groups/ST/hash/policy.html :
""
NIST's Policy on Hash Functions
March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols.""
from http://en.wikipedia.org/wiki/Sha-1#SHA-1 :
""
In February 2005, an attack by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu was announced.[15] The attacks can find collisions in the full version of SHA-1, requiring fewer than 2**69 operations. (A brute-force search would require 2**80 operations.)
........
Cameron McDonald, Philip Hawkes and Josef Pieprzyk presented a hash collision attack with complexity 2**52 at the Rump session of Eurocrypt 2009""
From http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html :
""But there's an old saying inside the NSA: ""Attacks always get better; they never get worse."" Just as this week's attack builds on other papers describing attacks against simplified versions of SHA-1, SHA-0, MD4, and MD5, other researchers will build on this result. The attack against SHA-1 will continue to improve, as others read about it and develop faster tricks, optimizations, etc. And Moore's Law will continue to march forward, making even the existing attack faster and more affordable.""
I believe it's just a matter of time (years?) for an attack to be announced which finds collisions in SHA-1 in 2**39 operations (the current state of SHA-0).
" closed Uncategorized 1.0 duplicate Unreviewed 0 0 0 0